On endogenous security and mimic defense

1. Editor's note

The revolutionary significance of the mimic structure in "changing the rules of the game in cyberspace" indicates that the endogenous security mechanism of "quantifiable design and verifiable measurement" will surely become one of the hallmark technologies used in the new generation of software and hardware products in the information field and related fields.

——Ministry of Industry and Information Technology

2. Origins of endogenous security theory

In 2013, Academician Wu Jiangxing proposed building mimic defense on the endogenous security properties of the variable-structure collaborative computing model of mimic computing, and received project support from the Ministry of Science and Technology and the Shanghai Science and Technology Commission. In May of the following year the "Mimic Defense Principle Verification System" research project was launched; the idea of endogenous security was formally born at the same time.

3. What counts as an endogenous security problem?

Because human technology and understanding develop in stages, vulnerabilities, flaws and backdoors cannot be completely avoided in software and hardware design, and exhaustively finding every vulnerability or backdoor in a target system's software and hardware code will remain, for the foreseeable future, a theoretical and technical challenge that is hard to overcome. Consequently, as long as an information system or control device contains a high-risk vulnerability or an implanted backdoor (the implicit "dark functions" or explicit side effects of software and hardware that nobody wanted), the services of the whole system may become untrustworthy, partially compromised, or fail entirely. The problem of software and hardware vulnerabilities and backdoors is therefore an endogenous security problem of cyberspace.

4. Definition of endogenous security functions

Endogenous security functions are security functions, quantifiably designed and verifiably measurable, that are obtained from the endogenous effects of the target system's own architecture, functions and operating mechanisms. Their effectiveness depends neither on prior knowledge or signature information about the attacker nor on add-on traditional security technologies (although these can be integrated with them). Only the architecture's own endogenous security mechanism can suppress attacks that exploit the target system's endogenous security problems, whether those problems are confirmed or merely suspected.

5. Differences between endogenous security mechanisms and traditional security technologies

An endogenous security mechanism is an innate, non-specific immune mechanism of the system: it forms a general defensive capability against a wide range of network threats and attacks and is also called "surface defense". Today's mainstream security mechanisms are add-on, acquired, specific immune mechanisms: through learning or memory they take protective measures mainly against deterministic, already-characterised threat behaviours or attacks, and are also called "point defense". An endogenous security mechanism can integrate current and future defense technologies and security methods into a combined defense system that joins the surface defense of innate immunity with the point defense of acquired immunity. Such a system suppresses attacks with clear signatures and behaviours precisely while also effectively controlling unknown and uncertain threats, which the theory's proponents claim raises the security gain by orders of magnitude.

6. The relationship between mimic defense and endogenous security

Mimic defense technology addresses endogenous security problems directly. It defends against the classic network attacks that rely on internal vulnerabilities and backdoors in software and hardware ("leaving holes", "planting backdoors", "implanting viruses", "hiding Trojans"), suppresses or controls risks that are certain or uncertain and threats that are known or unknown, and focuses on the system's own security protection. Mimic defense technology belongs to the category of endogenous security and is an application of cyberspace security technology built on endogenous security mechanisms.

7. Origins of mimic defense

The concept of mimic defense originated in biology and was proposed in 2008 by Wu Jiangxing, an academician of the Chinese Academy of Engineering. Combining biological theory with systems engineering theory, Academician Wu proposed and developed the theoretical system and core technology of mimic defense.

The mimic octopus is known as the "master of disguise" of the biological world. (Mimicry is an ecological adaptation in which one organism imitates another in shape, behaviour and other characteristics to the benefit of one or both parties; it is a special behaviour formed over the long evolution of animals in nature and involves three parties: the imitator, the imitated and the deceived.) While keeping its intrinsic functions unchanged, the octopus continually adjusts its colour, texture, shape and behaviour, using its own structural and physiological characteristics to "conceal the true and show the false". This puts attackers in a cognitive dilemma, markedly reduces the effectiveness of their attacks, and so achieves the octopus's own defense. Biology calls this phenomenon "mimicry".

8. Core idea of mimic defense

Structure determines security; changing the structure produces endogenous security effects.

9. Technical architecture of mimic defense

The mimic defense architecture, also known as dynamic heterogeneous redundancy (DHR), comprises input distribution, a pool of heterogeneous executors, an output agent, mimic adjudication, heterogeneous reconstruction and policy scheduling, feedback control and other functional components.

10. How the DHR architecture of mimic defense works

1. Input information (for example web requests) is routed to the corresponding heterogeneous executors through an adaptation mechanism;

2. The heterogeneous executors in the resource pool process the input through multi-level, diversified compilation, so that the same input is transformed into several functionally equivalent target representations. Before an attacker can take the next step of an attack, it must mount a coordinated attack on several executors in the mimic environment and obtain consistent results on all of them, which imposes a very high attack cost;

3. Mimic adjudication judges the outputs of the heterogeneous executors by combining or iterating majority voting, consistency comparison, weighted judgement and similar methods, and sends the relevant status information to the feedback controller;

4. Based on the abnormality information from the arbiter, the feedback controller adjusts the heterogeneity of the defense scenario, replacing executors, taking them offline or bringing them online, cleaning them and so on, until the specification requirements are met;

5. The output agent performs standardised preprocessing of the multi-mode outputs to produce a single normalised output.

Mimic defense starts from fortifying the mimic boundary and defending key areas. Its purpose is to keep the target objects (networks, platforms, systems, components, assemblies, software and hardware modules) inside the mimic domain (the area covered by mimic defense) stable. It uses policy scheduling of heterogeneous executors under given resource conditions, together with a multi-dimensional dynamic-reconstruction negative-feedback mechanism, to improve the availability of the defense resources inside the mimic domain; and it uses mimic adjudication and backward verification to make the vulnerabilities and backdoors of individual heterogeneous executors harder to reach and harder to exploit cooperatively, so that the functions and performance of the target object remain robust.
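The five steps above, as an added illustration in Python that is not code from the page, from Purple Mountain Laboratory or from any mimic-structured product. The word-count service, the four executors (three honest ones with different implementations and output formats, plus one with a constructed backdoor triggered by the string "opensesame"), the three-of-four active set and the rotation interval are all assumptions made for the demo; a real DHR deployment runs genuinely heterogeneous stacks (different CPUs, operating systems, compilers and application code) rather than four Python functions.

```python
"""Toy DHR (dynamic heterogeneous redundancy) pipeline.

Added illustration; not code from the page or from any mimic-structured
product. The word-count service, the executors and the 'opensesame'
backdoor trigger are all constructed for this demo.
"""
import re
from collections import Counter, deque
from typing import Callable, Deque, Dict, List, Optional, Tuple

Executor = Callable[[str], str]


# --- Heterogeneous executors: one function, deliberately different code paths ---
def exec_split(req: str) -> str:
    """Word count via str.split (stands in for a server built on stack A)."""
    return f"words={len(req.split())}"


def exec_regex(req: str) -> str:
    """Same function via a regex (stack B); note the different output casing."""
    return "WORDS=%d" % len(re.findall(r"\S+", req))


def exec_loop(req: str) -> str:
    """Same function via a hand-rolled scanner (stack C); pads its output."""
    n, in_word = 0, False
    for ch in req:
        if ch.isspace():
            in_word = False
        elif not in_word:
            in_word, n = True, n + 1
    return f" words={n} "


def exec_backdoored(req: str) -> str:
    """Constructed 'dark function': a hidden trigger makes it leak a fake secret."""
    if "opensesame" in req:
        return "secret=hunter2"
    return exec_split(req)


def normalize(out: str) -> str:
    """Output agent: canonicalise multi-mode outputs so they can be compared."""
    return out.strip().lower()


class DHR:
    def __init__(self, pool: Dict[str, Executor], active: List[str], rotate_every: int = 4):
        self.pool = pool
        self.size = len(active)
        self.active = list(active)                       # executors currently serving
        self.spare: Deque[str] = deque(n for n in pool if n not in active)
        self.rotate_every = rotate_every
        self.served = 0
        self.log: List[str] = []                          # feedback-controller actions

    @staticmethod
    def adjudicate(outputs: Dict[str, str]) -> Tuple[Optional[str], List[str]]:
        """Mimic adjudication by majority vote over normalised outputs.

        Returns (accepted output or None, names of dissenting executors).
        Without a strict majority the arbiter fails closed and reports everyone."""
        value, count = Counter(outputs.values()).most_common(1)[0]
        if 2 * count <= len(outputs):
            return None, list(outputs)
        return value, [n for n, o in outputs.items() if o != value]

    def replace(self, name: str, reason: str) -> None:
        """Feedback control: take an executor offline, refill from spares, return it cleaned."""
        self.active.remove(name)
        while len(self.active) < self.size and self.spare:
            self.active.append(self.spare.popleft())
        self.spare.append(name)   # 'cleaning' = state reset; these executors are stateless
        self.log.append(f"{reason}: {name} offline, active={self.active}")

    def handle(self, request: str) -> Optional[str]:
        # Step 1: input distribution, the same request reaches every active executor.
        outputs = {n: normalize(self.pool[n](request)) for n in self.active}
        # Step 3: adjudication; step 4: dissenters are swapped out and cleaned.
        winner, dissenters = self.adjudicate(outputs)
        for n in dissenters:
            self.replace(n, f"dissent on {request!r}")
        # Policy scheduling: rotate periodically even without anomalies so the
        # attacker never faces a stable set of executors.
        self.served += 1
        if self.served % self.rotate_every == 0 and self.spare:
            self.replace(self.active[0], "scheduled rotation")
        return winner


def run_demo() -> Tuple[List[Optional[str]], DHR]:
    """Four constructed requests; the second one carries the backdoor trigger."""
    pool = {"A": exec_split, "B": exec_regex, "C": exec_backdoored, "D": exec_loop}
    dhr = DHR(pool, active=["A", "B", "C"])
    requests = ["hello world", "opensesame please", "a b c", "x"]
    return [dhr.handle(r) for r in requests], dhr


if __name__ == "__main__":
    results, dhr = run_demo()
    print(results)
    print("\n".join(dhr.log))
```

Running `run_demo()` shows the arbiter accepting the three-way consensus on ordinary requests and outvoting the backdoored executor's `secret=hunter2` on the trigger request: that output never reaches the caller, executor C is taken offline and spare D takes its place, and after four requests the scheduled rotation brings a "cleaned" executor back. That last step also exposes a caveat the page glosses over: cleaning resets state but does not remove a backdoor that lives in the code, so the same executor can be caught again on the next trigger; only replacing it with a genuinely different implementation removes the dark function, and the whole scheme depends on the executors not sharing the same flaw.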

11. Application scenarios of mimic defense

Mimic-structured network, security, cloud computing and other software and hardware information products are suitable for every scenario in which the conventional products they replace are used, including data centres, government networks, military classified networks, the Internet of Things, the industrial Internet, office networks of government and enterprise units, mobile/branch network access, Internet egress and other scenarios.

12. Mimic defense achieves high availability, high reliability and high security

High reliability: A single functional body is transformed into multiple redundant heterogeneous functional bodies, each of which implements the function independently. When some of them fail and cannot work normally, the system's business functions are not affected. In addition, the feedback scheduling mechanism can monitor, clean and bring abnormal heterogeneous functional bodies back online in real time, further ensuring stable and reliable operation of system services.

High security: Mimic defense has a complete adjudication mechanism and negative-feedback mechanism. When heterogeneous functional bodies are attacked by internal or external threats, the mimic defense mechanism converts individual attack events into quantifiable probabilities and controllable security events at the system level. Concretely, this rests on the combined, iterative decision-making ability of the adjudication mechanism and on the ability to reorganise and reconstruct heterogeneous functional bodies by migrating, cleaning, and taking them offline and bringing them online.

High availability: The multiple heterogeneous functional bodies are functionally redundant, much like mutual primary/backup arrangements, and can provide system services continuously.

13. Key points of the "8122" theory of mimic defense

14. Practical application of endogenous security mimic defense

In recent years, mimic defense technology based on endogenous security (ESS) and generalised robust control (GRC) theory has rapidly moved into practical use, promoted by the special pilot programme of the Ministry of Industry and Information Technology.

On January 13, the world's first domain name server with a mimic structure went online at the Henan branch of China United Communications Corporation.

On May 11, COTS-grade information and communication network equipment based on the mimic structure was the target facility of the first international elite challenge, the "Man-Machine War", held in Nanjing, China. It faced a strong line-up made up of the top 20 teams from the second national "Strong Network Cup" and six specially invited top overseas teams in an intense "man-machine game", which for the first time included "offline white-box" injection-attack events, using "changed rules of the game" to test the mimic structure's ability to defend against injected backdoors or malicious code.

In April, the Ministry of Industry and Information Technology organised a technical test and acceptance of the pilot task in Zhengzhou, carrying out service function, performance, and black-box and white-box security tests on the mimic-structured equipment in operation. The results showed that "the service performance and security performance of the tested equipment fully meet theoretical expectations".

On May 22, the 2nd Mimic Defense International Elite Challenge, held in Nanjing, adopted the innovative black-box/white-box/top ("BWM") competition format. It lasted more than 20 hours, during which 2.96 million effective attacks were carried out, including more than 5,700 high-risk vulnerability attacks.

The results of the competition showed that network service equipment with a mimic structure not only blocks attacks based on software and hardware code vulnerabilities as a matter of course, but also withstood the "self-prepared test cases" that each team implanted on site under white-box conditions.

On June 29, Purple Mountain Laboratory (PML) opened the world's first global, round-the-clock Network Endogenous Security Test bed (NEST), which runs a permanent bounty programme. It offers hackers worldwide a professional venue for testing their skills in public, and information product manufacturers worldwide a stage on which to show that their products are "impregnable".

Over the past two years, a large number of attack-scenario snapshots and data have been accumulated, which the authors hold to be strong evidence that the mimic structure, grounded in systems engineering theory, enables information systems to achieve the economic and technical "trinity" of high reliability, high availability and high security over their whole life cycle.

In September, the Ministry of Industry and Information Technology organised an evaluation and acceptance meeting for the pilot task. The meeting concluded that "the mimic structure has reached the level of technical maturity, universality and economy required for general application" and that "the execution of the pilot task has fully met the expected goals of mimic defense".

——Excerpt from the book "Intrinsic Security in Cyberspace"

The third "Strong Network" Mimic Defense International Elite Challenge has just come to an end. A team of 40 top "white hat hackers" from 14 countries, including China, the United States, Russia, Germany, Japan, South Korea and India, subjected mimic-structured core "new infrastructure" equipment and related network equipment, built on the endogenous security theory originated by Chinese scientist Wu Jiangxing, to more than 2.8 million all-round, high-intensity attack tests, including more than 29,000 high-risk attacks; none of them succeeded. The feasibility and universality of cyberspace mimic defense, an endogenous security technology, has once again been fully verified.

Reprinted from: Practical know-how | Long FAQ popular-science article: everything you want to know about endogenous security mimic defense is here - Zhihu


Source: blog.csdn.net/fuhanghang/article/details/132869896